On 09-08-2022 23:07, Ludovic Courtès wrote:
Hello,As Tobias explains at <https://mail.gnu.org/archive/html/help-guix/2022-08/msg00073.html> and as can be seen from ‘.guix-authorizations’, the (guix openpgp) and (guix git-authenticate) machinery reports the fingerprint of subkeys on signatures (when subkeys are used) rather than the fingerprint of primary keys. This should be changed to report primary keys, at least optionally.
Why should it be changed? IIUC .guix-authorizations and (guix ...) care about the key that things were signed with, not necessarily the primary key, so it seems to me that it needs to report the subkey fingerprint, not the fingerprint of the primary key it belongs to, as the primary key is irrelevant to them IIUC.
Greetings, Maxime.
OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
